143 million Americans potentially affected
Credit reporting agency Equifax has revealed that it was the target of an unprecedented cyber-attack that makes additional victims of approximately 143 million US residents. The hack has not only exposed the social security numbers of the millions of Americans that have been rated by the agency, but credit card numbers were revealed as well. It is one of the largest security breaches in history.
According to an official statement issued by Equifax, social security numbers, birth dates, addresses, and even driver’s license numbers were all illegally accessed. A much less yet still substantial number of credit card numbers were also exposed, with around 209,000 consumers affected. Shortly after this news was released, shares in Equifax fell more than 8 percent in after hours trading.
In order for consumers to learn if they are among the affected, a website has been established that will allow them to determine if their personal info has been compromised. Anyone who has used Equifax is urged to go to their website here as soon as possible. Equifax has stated that they are offering free credit file monitoring as well as identity theft protection as a result of the concern. Outside sources encourage users to also place an initial 90 day fraud alert on their file, as well. The following official email alert was sent to many of the parties affected:
“…Based on the information provided, we believe that your personal information may have been impacted by this incident…”
Equifax Chief Executive Officer Richard Smith said “This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes”
Credit reporting agencies have long been sources of controversy, and the digital age has only served to compound matters. The risk of consumer’s data being exposed online can easily contribute to making agencies like Equifax less trusted. They have the responsibility to protect and properly handle the financial information of people for the sake of credit reporting. Now many are questioning the safety of sharing their personal info online.
It is believed that the bulk of the infiltration occurred between the middle of May and July of this year. Equifax confirmed that unknown parties were able to hack in due to “a U.S. website application vulnerability (and) gain access to certain files”. Among the range of info affected were dispute documents that contained personally identifying info of another 182,000 consumers.
This isn’t the first time Equifax had been compromised. In 2013, Equifax, Experian, and Transunion (the three biggest credit reporting agencies) all fell victim to hackers who gained illegal, unauthorized access to user information. At the height of that controversy, the credit reports of high profile notables like Michelle Obama and Paris Hilton were illegally posted online.
But this is the most high profile cyber security breach since Yahoo revealed two such incidents last year. The search engine giant was violated twice in 2014, major breaches that affected around 500 million customer accounts. They later uncovered an earlier hack that siphoned email addresses, scrambled account passwords and dates of birth from nearly one billion users.
Outside of the US, users from the U.K. and Canada found themselves compromised by the breach as well. Working with regulators in both countries the international crime was uncovered on July 29. For the most part the corresponding investigations are complete, although the cases will be kept open for a few more weeks, according to Equifax.
At least one class action lawsuit has emerged against Equifax, whose assets are in the area of seven billion dollars. Lawyers in Portland, Oregon filed suit in federal court alleging that “Equifax negligently failed to maintain adequate technological safeguards to protect (the plaintiffs’) information from unauthorized access by hackers”.
Despite containing clauses prohibiting class action lawsuits in the Equifax user agreement, the attorney general determined that the waiver in the terms of use does not apply to cyber security incidents such as this.